On Tuesday, April 7th, the Federal Bureau of Investigation (FBI) issued a Public Service Announcement regarding recent attacks on WordPress websites by hackers sympathetic to the Islamic State in the Levant (ISIL), a.k.a. the Islamic State of Iraq and al-Sham (ISIS). The individuals carrying out these attacks have targeted websites of all types.
“The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.”
These attackers are using “relatively unsophisticated” techniques to gain access to WordPress websites through vulnerabilities in plugins. Lately there seems to have been a surge in security holes in WordPress plugins. Daniel Cid, founder of the security blog Sucuri, has said that the top two plugins currently being exploited are:
- Outdated RevSlider (versions below 4.2)
- Outdated GravityForms (versions below 1.8.20)
“The vulnerabilities being exploited appear to be from older versions of the plugins that have yet to be patched. We are not aware of any new vulnerabilities in either of the plugins.
Especially RevSlider, which is the #1 by far compared to the others. After these first two, we are seeing many attacks against FancyBox, Wp Symposium, Mailpoet and other popular plugins that had vulnerabilities disclosed recently. This list is not exhaustive at all, as it seems the attackers try to exploit whatever they can get their hands on, but it gives you an idea of what they are looking for.”
As discussed in a recent post on the Yoast SEO exploit, protecting your site can be as simple as making sure your WordPress install and plugins are always up to date. Unfortunately, many business owners do not keep up with security news or basic maintenance of their website. Some of the exploits being used by these attackers were patched by the plugin authors as far back as 5 months ago.
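As an added example (not from the original post, the FBI announcement or Sucuri), here is a small Python check that reads the standard `Version:` header from each installed plugin's main PHP file and flags the two plugins named above when they are older than the patched releases the post cites. The plugin folder names `revslider` and `gravityforms` under `wp-content/plugins` are assumed, and the sample headers are constructed so the check runs offline.

```python
import re
from pathlib import Path

# Fix thresholds from the post (versions below these are the ones being exploited);
# keys are the plugin folder names under wp-content/plugins (assumed slugs).
MIN_SAFE_VERSION = {"revslider": "4.2", "gravityforms": "1.8.20"}

# WordPress reads plugin metadata from a header comment in the plugin's main PHP file.
HEADER_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

def parse_version(text):
    """'1.8.20' -> (1, 8, 20, 0). Numeric tuples padded to a fixed width compare
    correctly; plain string comparison would rank '1.8.3' above '1.8.20'."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))[:4]
    return parts + (0,) * (4 - len(parts))

def is_vulnerable(slug, version):
    """True when the plugin is on the list and older than its patched release."""
    threshold = MIN_SAFE_VERSION.get(slug)
    return threshold is not None and parse_version(version) < parse_version(threshold)

def plugin_version(main_file_text):
    """Return the 'Version:' header value of a plugin's main PHP file, or None."""
    match = HEADER_VERSION_RE.search(main_file_text)
    return match.group(1) if match else None

def audit_headers(headers):
    """headers: {slug: main-file text}. Returns [(slug, version)] that need updating."""
    flagged = []
    for slug, text in headers.items():
        version = plugin_version(text)
        if version and is_vulnerable(slug, version):
            flagged.append((slug, version))
    return flagged

def audit_plugins_dir(plugins_dir):
    """Run the same check against a real wp-content/plugins directory."""
    headers = {}
    for plugin_dir in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php in sorted(plugin_dir.glob("*.php")):  # first file with a header wins
            text = php.read_text(errors="ignore")
            if plugin_version(text):
                headers[plugin_dir.name] = text
                break
    return audit_headers(headers)

# Constructed sample headers (not real plugin files) so the check runs offline.
SAMPLE_HEADERS = {
    "revslider": "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/\n",
    "gravityforms": "<?php\n/*\n * Plugin Name: Gravity Forms\n * Version: 1.8.20\n */\n",
    "akismet": "<?php\n/*\nPlugin Name: Akismet\nVersion: 3.0.4\n*/\n",
}
```

Run `audit_plugins_dir("/path/to/wp-content/plugins")` on a live install; anything it returns is a plugin the post says is being actively exploited and should be updated first.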
While the FBI has said that the individuals carrying out these attacks are not members of ISIL but low-level hackers simply using the ISIL name to gain notoriety, the threat is real. Always ensure that your website is patched and that only plugins from trusted sources are installed. One of the things that makes WordPress so great is also one of its biggest downfalls: the WordPress Plugin Repository has an overwhelming number of plugins available for download. Although many of these plugins can be tempting to install, a large number of their developers do not have in-depth knowledge of website security and, as a result, can open up your website to further exploits.